Firewall Wizards mailing list archives

Altavista Tunnel

From: Eric Dykema <Eric_test () sdsi com>
Date: Thu, 16 Oct 1997 10:30:22 -0500

First of all, I want to thank everybody who responded to my request for
info on Altavista Tunnel.  There were also several requests for me to
post my findings to the list, so here it is, including a note that was
sent to me by an Altavista Engineer:


"Eric, one of our business partners forwarded this note to me.  I
wanted to respond since it sounds like you might have gotten some
erroneous information.  The AltaVista Tunnel 97 does support file and
print services over the tunnel, as long as you're encapsulating in IP
(NetBEUI over TCP/IP, or NBT).  This has nothing to do with your
firewall, since all it does is relay the tunnel TCP traffic to the
tunnel server.

There was an issue mounting shares from our Tunnel 97 Windows NT
client, but that was fixed with Service Pack 1, available from
http://tunnel.altavista-software.com/tunnel/index.html.  Also, see the
FAQ for information on how to speed up your file and print connections
significantly if you are running Windows NT service pack 3.

Jeff Needle, AltaVista Engineering"


Apparently, NetBEUI, any IP, and IPX/SPX will be encrypted, encapsulated
in a TCP packet and routed (in that order) thru the tunnel.  Windows NT
domain login is not possible thru the tunnel because domain login would
have to happen before the tunnel is actually created.  However, access
to NT domain resources is still possible if you have logged onto your
Win95 or WinNT workstation using your domain username and password.

With everything configured properly, remote users are able to access the
LAN just as if they were sitting in the office.  This includes access to
NT domains, LanManager-style workgroups and UNIX machines.

FWTK needs to be configured for nothing more than a plug-gw on your
chosen port to the tunnel server.  The only packets that the FWTK ever
sees are TCP packets containing encrypted data.

I hope this will be useful to some of you, and thanks again for the
help!


--------------------------------------------------
Eric Dykema
email: Eric_Dykema () sdsi com
Network Administrator
SDS, Inc.
Oak Brook, IL  USA
630 368 0400 (voice)
630 990 8584 (fax)
--------------------------------------------------

Current thread:

AltaVista Tunnel Eric Dykema (Oct 15)
- <Possible follow-ups>
- RE: AltaVista Tunnel Linwood Ferguson (Oct 15)
- Re: AltaVista Tunnel Bruce B. Platt (Oct 17)
  - Re: AltaVista Tunnel Joseph S. D. Yao (Oct 17)
- Altavista Tunnel Eric Dykema (Oct 17)